Researchers manage to leak data from a PC by manipulating its screen brightness

Humza

TechSpot Staff
Staff member

Researchers have been able to extract data from a computer by simply changing its screen brightness levels as part of a new optical covert channel that relies on the limitations of human vision. Dr. Mordechai Guri, head of the cybersecurity research center at Israel's Ben Gurion University, conducted the research along with two fellow academics, reports The Hacker News.

Although the target machine doesn’t need network connectivity or physical access for communicating the data, it does need to be infected with malware first, which encodes the sensitive information as “a stream of bytes” and then modulates it on the screen by making small changes in its brightness, invisible to the human eye.

The compromised monitor is then recorded by a video camera, which attackers can access and decode through image processing techniques. “This covert channel is invisible and it works even while the user is working on the computer.” noted the researchers.

Using display-to-camera communication, the screen is modulated with a series of 1s and 0s, which the researchers were able to reconstruct with a 0% error rate. For their experiment, they used a security camera, webcam and a smartphone at varying distances from the target PC and were able to achieve a maximum speed of 10 bits/second.

In the video above, a PC display transmits the text of "Winnie-the-Pooh" story as nothing unusual seems to happen in the side of the user since the changes are "relatively small and occur fast, up to the screen refresh rate," with the overall color change being invisible to the naked eye.

As countermeasures for this type of attack, the researchers suggest implementing a strict policy on using cameras within the premises of air-gapped systems. Given that similar security measures are already taken at such places, they also suggest using a polarized film on the screen that would present a clear view to users but cameras at a distance would see a darkened display.

"Detection countermeasures may include monitoring of the sensitive computer for the presence of suspicious display anomalies at runtime," they add, but since such measures can be evaded by rootkits, a trusted alternative can be achieved by "taking videos of the computers display and searching for hidden brightness change patterns."

Permalink to story.

 

psycros

TS Evangelist
I would've assumed that any company worried enough to use isolated systems would have thought about cameras, too.
 
So this is just the newest iteration of stealing data from the screen, like Tempest systems used to be able to do with older CRT displays. Like they said, just a tad bit of prevention makes it a worthless hack.
 

JimboJoneson

TS Addict
If the system is isolated, how does the software that allows the screen's brightness to be changed get installed in the first place?
Rogue agent on the inside.

Obviously if its properly isolated such an attach can't happen over the net. You'd need an inside agent, to both install the software (via network or physical access), and record / copy camera video files for processing.

This is pretty elaborate, I would think only the top secret agencies, biggest corporations, etc. would attempt to pull something like this off, but I wouldn't be surprised. Espionage can be rather highly motivated.
 
  • Like
Reactions: Humza

Markoni35

TS Maniac
Of course that it's Israel again. When it comes to hacking, stealing info, producing viruses, and general malware, they are always the first.
 

Markoni35

TS Maniac
Like banking?
Yeah, banking too. Goldman Sachs and friends destroyed the world economy in 2008. Thrown Germany into $30,000 billion debt. Thrown US into probably even larger debt. And nobody is responsible for anything. Media not even talking about them.

What about those passenger airplanes, one shot down in Iran, another near miss in Syria. Are those regimes shooting down airliners on purpose?

Nope. It's Israel again. When attacking Syria and Iran, they fly their F-16 near the passenger airplanes. They bomb the targets until the air defense launch missiles at them. Then they go hide behind the nearest airliner, hoping that the missile will hit the airliner instead of them. Which sometimes happens.

World media again "forgets" to mention who is really guilty for those crashes. They blame it on the victim countries, instead of the cowardish perps, which use civilian passengers as living shield.
 

Danny101

TS Evangelist
Nope. It's Israel again. When attacking Syria and Iran, they fly their F-16 near the passenger airplanes. They bomb the targets until the air defense launch missiles at them. Then they go hide behind the nearest airliner, hoping that the missile will hit the airliner instead of them. Which sometimes happens.
Huh! That's interesting. How sure are you that this is happening?
 

Markoni35

TS Maniac
Huh! That's interesting. How sure are you that this is happening?
It's not a big secret, unless you read mainstream media. In that case you'll never hear of it. But if you avoid typical mainstream media, it's not hard to find the truth. Here, even Times of Israel is writing about it:

 
It's not a big secret, unless you read mainstream media. In that case you'll never hear of it. But if you avoid typical mainstream media, it's not hard to find the truth. Here, even Times of Israel is writing about it:

Do you have more than a single claim made by Russia and Syria? Times of Israel wrote about a claim that was made. Not about actual evidence of what you state. Do better.
 

Markoni35

TS Maniac
Do you have more than a single claim made by Russia and Syria? Times of Israel wrote about a claim that was made. Not about actual evidence of what you state. Do better.
Man, I'm not your private investigator. I gave you the info that is well known for years. Now you have entire internet to search for more. Or I can search for you, but then you'll have to pay me.
 

Markoni35

TS Maniac
So your answer to my question is "no, I do not."
My answer to you is this: The moment you realize that your picture about the world and "global truth" is similar to that of people in an average retirement home, you should be worried. Because everything they know comes from media like CNN, or maybe big internet portals. Which means, mostly misinformation. So, decide whether you want to to be like them, or do you want to know the truth. A lot of people actually don't want to know the disturbing truth. They couldn't sleep at night.